DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Task Category
|
A name for a subclass of events within the same Event Source.
|
TaskCategory
|
|
Level
|
Warning, Information, Error, etc.
|
Level
|
|
Keywords
|
Audit Success, Audit Failure, Classic, Connection etc.
|
Keywords
|
|
Category
|
A name for an aggergative event class, corresponding to the similar ones present in Windows 2003 version.
|
Category
|
Account Logon
|
Object Name
|
|
-
|
|
Whom
|
|
-
|
|
Object Type
|
|
-
|
|
Class Name
|
|
-
|
|
Security ID
|
|
-
|
|
Account Name
|
|
-
|
|
Account Domain
|
|
-
|
|
Local Endpoint: Network Address
|
|
InsertionString1
|
%1
|
Local Endpoint: Network Address mask
|
|
InsertionString2
|
%2
|
Local Endpoint: Port
|
|
InsertionString3
|
%3
|
Local Endpoint: Tunnel Endpoint
|
|
InsertionString4
|
%4
|
Remote Endpoint: Network Address
|
|
InsertionString5
|
%5
|
Remote Endpoint: Address Mask
|
|
InsertionString6
|
%6
|
Remote Endpoint: Port
|
|
InsertionString7
|
%7
|
Remote Endpoint: Tunnel Endpoint
|
|
InsertionString8
|
%8
|
Remote Endpoint: Private Address
|
|
InsertionString10
|
%10
|
Additional Information: Protocol
|
|
InsertionString9
|
%9
|
Additional Information: Keying Module Name
|
|
InsertionString11
|
%11
|
Additional Information: Mode
|
|
InsertionString14
|
%14
|
Additional Information: Role
|
|
InsertionString16
|
%16
|
Additional Information: Quick Mode Filter ID
|
|
InsertionString18
|
%18
|
Additional Information: Main Mode SA ID
|
|
InsertionString19
|
%19
|
Failure Information: State
|
|
InsertionString15
|
%15
|
Failure Information: Message ID
|
|
InsertionString17
|
%17
|
Failure Information: Failure Point
|
|
InsertionString12
|
%12
|
Failure Information: Failure Reason
|
|
InsertionString13
|
%13
|
Additional Information: Virtual Interface Tunnel ID
|
|
InsertionString20
|
%20
|
Additional Information: Traffic Selector ID
|
|
InsertionString21
|
%21
|